Malicious PDF — malware analysis report

Static analysis result for SHA-256 57d6cae78f0ead49…

MALICIOUS

PDF

Size: 44.8 KB
Created: 2019-04-03 18:19:13 +03:00
Authoring application: PrimoPDF http://www.primopdf.com (via Nitro PDF PrimoPDF)
MD5: bfec88309264ad6e47751c52988ebf87
SHA-1: c88f0d45431f5c55b7c501523bfdb46e71bbf808
SHA-256: 57d6cae78f0ead49a19bde769b27a9b02114912873f3db2f6054875ae4eafa28
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF contains a large number of embedded links to external PDF files, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier also flagged this PDF as malicious. The document body itself is heavily obfuscated, but the presence of numerous links to a single domain suggests a coordinated effort to direct users to potentially harmful content, possibly for SEO manipulation or to host further malicious payloads.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8439

Heuristics (2)

  • Small PDF contains mass external PDF link farm (severity: critical, ID: PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL (severity: info, ID: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.